Cash Edge Pop Up
Some members have reported receiving a pop up box from Cash Edge when attempting to log into WAVE. The pop up asks for personal information including credit card information. Cash Edge is not a product offered by the Credit Union. If you receive this pop up, do not disclose any personal information. Call us at 800-467-5427 is you have any questions or concerns.
Phishing Scams
The Credit Union has been advised that some members are being targeted for a telephone phishing scam concerning their debit cards. Please review the list below for some helpful hints on how to protect yourself. Call 864-544-5400 or 800-467-5427 if you have questions or concerns.
-Never provide your personal information in response to an unsolicited request, whether it is over the phone or over the Internet. If you did not initiate the communication, NEVER provide any information.
-If you believe the contact may be legitimate, contact the financial institution yourself by phone or in person. The key is that YOU should be the one to initiate the contact, using contact information that you have verified yourself.
-Never provide your password over the phone or in response to an unsolicited Internet request. A financial institution will never ask you to verify your account information online.
-Review account statements regularly to ensure all charges are correct. Periodically review activity online to catch suspicious activity as soon as possible.
Attention: Pop Up Message Information
There are reports of a pop up window stating that personal information from a security breach with a marketing company named Epsilon has compromised personal information and that your credit score is available for free by clicking on a link. The Knoxville TVA Employees Credit Union does not use this company. Please do not click on any links within the pop up window. If you receive the pop up, it is advised that you log off the Internet and scan your computer with up-to-date anti-virus software. You can view the pop up message below.
New Phishing E-Mail Reported
There have been reports of a new phishing e-mail targeting home/property owners. The e-mail comes in claiming to be from the Internal Revenue Service asking home/property owners to respond with personal information. Below is an example of the phishing e-mail.
UNITED STATES INTERNAL REVENUE SERVICE: REFUND NOTIFICATION
After the last annual calculations, IRS has noticed tax overpayment by many property owners in the United States. If you own a house or a landed property in the United States, then you are eligible for a $5010.32 Tax Refund. To proceed with Tax Refund request, reply this message with your Full Name, Address and Phone number. Or send your information to irstaxrefund@email.ee You will be contacted shortly by IRS Tax Refund Officer.
Note: Only home owners and landed property owners in United States are eligible for the refund.
Regards, Internal Revenue Service
Remember the IRS does not communicate to taxpayers via e-mail and you should not respond. Recipients should send scam e-mails to the IRS using the instructions located at IRS.gov. http://www.irs.gov/privacy/article/0,,id=179820,00.html?portlet=1
Check card transactions coming out of New York
The Credit Union is having to block check card transactions coming out of New York for a short period of time. There have been ATM counterfeit card withdrawals in that area. In order to better protect the Credit Union and its members these transactions are being blocked for now. If you need to use your card in New York, please contact us at 865-544-5400 or 800-467-5427. Thank you and we apologize for any inconvenience.
Tax preparers fraud
It has been reported that some consumers are being drawn in by individuals claiming to be tax preparers. They provide their personal information (i.e., name, social security number, etc.) to have tax refund completed and the phony tax preparer inflates the information as much as possible with fraudulent information (i.e., claiming children they don’t have, day care expenses, etc.) to obtain a larger refund. The tax refunds are transmitted as a direct deposit (ACH credit) to either a newly created account or an existing account with an impersonator added as a joint owner. These accounts are being established by either the impersonator or their recruiters. Once the tax refund has been deposited into this account, the impersonator or recruiter withdraws their fee and the remainder of the ACH credit goes to the tax recipient. It is important to be safe when giving our personal information to unknown parties. We want to remind members about the availability of Turbo Tax through our website to help ensure a safe return.
Fraudulent text messages
Mobile Banking provider MShift has received reports from other client institutions of an increase in fraudulent text messages sent to customers’ mobile phones via SMS/Text. If you receive an unexpected SMS/Text message represented as coming from your financial institution, you should contact your institution through a different channel of communication to confirm the legitimacy of the message. In order to protect your data, security, and privacy of financial information, you should not respond to the message directly. Please note, your browser based Mobile Banking provided by MShift remains secure. However, it is important that you always access MShift Mobile Banking sites directly and not through links provided in suspicious e-mail or text message links.
CUNA Mutual alerts credit unions of this risk.
Details: Advertisements have been posted on Craigslist as part of member recruitment scams nationwide. The ads solicit current credit union members and offer $75.00 or more for their assistance in gaining membership for ineligible individuals. This scam is targeting credit unions and members across the country.
The following are samples of Craigslist ads target credit union members for this recruitment scam:
If you’re a ABC Credit Union Member MAKE SOME EXTRA $$
This is NOT a scam! I am willing to call you and discuss extensively! I need a ABC Credit Union Member to sponsor me into the credit union. I am willing to pay $100 USD for this service. Please email me and we can discuss this in detail. This is a 1 day process and I want to become a member for investment account/interest rate purposes.
Need to find a XYZ Credit Union Member
I was just approved for a visa credit card with XYZ Federal Credit Union and they called me and said that they can not process the application if I do not know any existing member or if I am not employed at one of the list of companies they have. To become a member you have to know a member. So now my app is on hold until I can find someone who is already a member. If you know someone, please tell them to contact me. I am willing to pay $500. And all they ask for is the members name and member number. Thanks.
ABC and XYZ Members Needed!!!
If you are a ABC or XYZ Federal Credit Union member we will pay you $75.00 per member to sponsor other that would like to join the credit union but do not meet the membership requirements. Please email for details.
Following thorough identification and verification processes for new members and new accounts are critical for preventing fraudsters from infiltrating your credit union.
Loss Prevention Recommendations:
Educate credit union employees and members about recruitment scams
Exercise extra due diligence when opening accounts via in person,internet, fax or mail to ensure individuals are eligible for membership.
Verify all information provided for new account applications, including addresses, employment, and eligibility for membership.
Obtain credit reports and investigate fraud flags
If your credit union is targeted, alert members and report the scam to the proper authorities
File a complaint with the Internet Crime Complaint Center (IC3) at www.ic3.gov related to any suspected fraudulent e-mails, text messages or telephone calls
IC3 is a partnership between the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance
Potential Phish Threat for Mobile Phone Users
If you have used the Android Marketplace, specifically the Android downloadable by Droid09, it is not a legitimate application. Using your personal computer, NOT your mobile device, please log on to WAVE immediately to reset your login password. Also, immediately take your phone to your mobile provider to have the technical team evaluate your phone to ensure the application is removed and not compromised.
TECHNIQUES USED BY FRAUDSTERS ON SOCIAL NETWORKING SITES
Fraudsters continue to hijack accounts on social networking sites and spread malicious software by using various techniques. One technique involves the use of spam to promote phishing sites, claiming there has been a violation of the terms of agreement or some other type of issue which needs to be resolved. Other spam entices users to download an application or view a video. Some spam appears to be sent from users’ “friends”, giving the perception of being legitimate. Once the user responds to the phishing site, downloads the application, or clicks on the video link, their computer, telephone or other digital device becomes infected.
Another technique used by fraudsters involves applications advertised on social networking sites, which appear legitimate; however, some of these applications install malicious code or rogue anti-virus software. Other malicious software gives the fraudsters access to your profile and personal information. These programs will automatically send messages to your “friends” list, instructing them to download the new application too.
Infected users are often unknowingly spreading additional malware by having infected websites posted on their webpage without their knowledge. Friends are then more apt to click on these sites since they appear to be endorsed by their contacts.
Tips on avoiding these tactics:
Adjust website privacy settings. Some networking sites have provided useful options to assist in adjusting these settings to help protect your identity.
Be selective of your friends. Once selected, your “friends” can access any information marked as “viewable by all friends.”
You can select those who have “limited” access to your profile. This is for those whom you do not wish to give full friend status to or with whom you feel uncomfortable sharing personal information.
Disable options and then open them one by one such as texting and photo sharing capabilities. Users should consider how they want to use the social networking site. If it is only to keep in touch with people then perhaps it would be better to turn off the extra options which will not be used.
Be careful what you click on. Just because someone posts a link or video to their “wall” does not mean it is safe.
Those interested in becoming a user of a social networking site and/or current users are recommended to familiarize themselves with the site’s policies and procedures before encountering such a problem.
Each social networking site may have different procedures on how to handle a hijacked or infected account; therefore, you may want to reference their help or FAQ page for instructions.
Individuals who experienced such incidents are encouraged to file a complaint at www.IC3.gov reporting the incident.